Top 10 use cases of HP ArcSight Logger

Transcription

1 Top 10 use cases of HP ArcSight Logger Sridhar #HPSecure

2 Big data is driving innovation The Big Data will continue to expand Collect Big Data for analytics Store Big Data for compliance Search Big Data for incident response Correlate Big Data for security

3 Log management challenges Where do I start? Consolidated view Comprehensive collection Ultra-fast forensic investigation Filtering & parsing of various logs IT change management Secure applications Store Big Data Compliance and reporting Mobility

4 A new approach: Comprehensive log management HP s unique approach to universal log management Collect 100% data collection Enrich Search? Unify Big Data through normalization and categorization Fastest search engine on the planet Store Store years worth of Big Data without additional database Correlate Analytics for 25+ use cases including security and compliance

5 What we do? HP ArcSight Log management and SIEM solution Collect Store Analyze

6 Unified data Convert all machine data into common format for search, report, and retention Raw machine data Jun :16:03: %PIX : Deny TCP (no connection) from /15605 to /443 flags FIN ACK on interface outside Jun :53:16 drop gw.foobar.com >eth0 product VPN-1 & Firewall-1 src xxx.xxx s_port 2523 dst xxx.xxx.10.2 service ms-sql-m proto udp rule 49 Unified data Time (Event Time) name 6/17/ :16:03 6/17/ :53:16 Device Vendor DeviceProduct Category Behavior Category DeviceGroup Category Outcome Deny Cisco PIX /Access /Firewall /Failure Drop Checkpoint Firewall-1/VPN-1 /Access/Start /Firewall /Failure Benefit: Single data for searching, indexing, reporting, and archiving Category Significance /Informational/ Warning /Informational/ Warning

7 Customer benefits 4 weeks to generate IT GRC report Logger compliance packs generates IT GRC reports in 5 minutes 6 weeks to run an IT audit Audit-quality search results helps you run audits in 8 hours 24 days to respond to a breach Fastest search engine along with full-text searching enable respond in 4 hours

8 Top 10 use cases: Fastest search engine on the planet for the machine data

9 #10: Dev-Ops/ Sec-Ops Integrating operations to be part of other IT priorities Heat map/ Sec-Ops Asset mapping Risk indicators Dev-Ops Prioritization Isolation of incidents Aggregation events Continuous monitoring Heat map of risk Vulnerability score Risk scoring Development feedback

10 #9: Log analytics for support team Provide view access to log analytics Different support groups get access to logs that only they care Secure your logs with view only access to broader teams including contractors and partners

11 #8: Threat detection and response Early detection of attacks from malware, virus or distributed attacks Upload reputation database and use lookup to find any suspicious activities or threats

12 Security Analytics Attacks Store year s worth of data (1.6 Peta Bytes) of data through peering 20 instances of Logger Run reports/ dashboards/ alerts on years worth of data Transfer data between Logger & ESM for long term security analytics use cases

13 Organizations of All Sizes Are At Risk Typical threats Bot, Worm, and Virus Attacks Hacker Detection Bandwidth Hogs and Policy Violations Unauthorized Application Access VPN Sneak Attacks 2010 ArcSight Confidential 13

14 #7: Web log analysis What websites are frequently visited? What is the click through rate? Which Search Engine is generating the lead for the visitor at my website?

15 #6: Network analytics Analyze network data through netflow, syslog, etc Firewall/ NGFW log analytics in realtime across the devices and vendors Integrate with IPS/ IDS for better management of threats/ attacks

16 #5: Application intelligence Monitoring application logs for security, performance, and operations Logs both on-the-wire and run-time for securing both new and legacy apps

17 #4: Cloud monitoring Logger collects and analyzes logs/ data from every layer or any RESTful APIs User Application Application Application Information O/S Network Physical Information O/S image IaaS PaaS SaaS Consumer responsible Provider responsible

18 #3: Mobility Monitoring on the go Compliance and security analytics on the mobile device Provide access to analysts/ CISO/ CIO to be on the same page Access dashboards/ reports quickly on ipad/ iphone

19 #2: Compliance and audit reporting Built-in reports for automated compliance and audit reports Focused on delivering compliance Alerts Dashboards Reports Workflow Retention NIST ISO PCI DSS SOX

20 #1: Big Data analytics Collect from 350+ log generating sources Collect data up to 5 TB/ day Store 1.6 PB of data Search billions of events in seconds through bloom filters Full-text English searching Collect data from thousands of devices from thousands of vendors 20

21